CAC/Smartcard User Info Not Accepted, Must Use Domain Usr/pwd Instead For SSL Site
Sep 9, 2009
Having an issue with random individuals trying to access an intranet site with a security certificate. Most users are able to simply select their Smartcard/CAC certificate, enter the pin number and then are granted access to the site's pages.
However, random individuals enter their pin and then are immediately re-prompted by the IE alert dialogue to enter their domain username and password. If they don't enter their network domain username and MS password, then they receive a 401.1 Unauthorized.
I am confused as to why these certain users (who are selecting the same certificates as the successful ones) are being prompted for their domain name/pwd. Furthermore, they're able to access other sites which require a CAC to get past the security certificate.
Possible that a user token is unable to be established via a CAC for the particular site, but not sure why. Since these users are getting a 401.1, then somehow their identity associated with their CAC credentials is not validating.
In IIS: Anonymous users are not allowed (unchecked). 128-bit encryption is required with SSL. Integrated Windows Authentication is checked. Accepting client certificates. In the site's web.config file, all users are allowed and only anonymous are denied.
Developed in ASP.NET 3.5.
We have tried to reproduce the problem in testing and development environments, but have fortunately/unfortunately been unable to duplicate this issue. This furthermore alludes to an issue that might be isolated to the production server, users' access to it, and/or the certificate that is applied to that SSL website on that server.
The exact same setup is present on the development box without any issues at all, indicating to me that the problem resides on the production server's ability to properly receive/handle CAC information from those individuals or that something funky is going on with the way the security certificate is relating to the client's CAC x.509 certificate.
A little more information that may be of use: the browser prompt that initially asks for the CAC has nothing to do with the code of the site, but rather is enabled by applying the security certificate to a site in IIS; thus indicating to me that there is something written into the certificate that looks for client certificates tied to the ActivClient agent via the browser?
The violating users' cards work on all other applications and even on SSL sites on other servers that bring up a CAC prompt. I believe we have confirmed that the certificates associated with their cards and their IE browsers are valid through 2015 (or longer in some cases), and are the same in nature (x509 certificate from the card)... and issuer is being consistently selected as DOD Email CA-15 (though the regular DOD CA-15 works as well). Again, maybe something with the fact that it's isolated to one production server, something with the SSL cert. on that url or user access?
Then again, I probably have no idea what I'm talking about, just throwing a bone here to see if anyone has had the same issue or has any ideas.
May 7, 2007
I thought I knew enough about my .htaccess stuff to do this, but I can't seem to work it out. What I want to do is if a user visits domain.com/folder, we check to see if the folder exists. If so, show as normal (i.e. domain.com/support).
If a user visits domain.com/dynamicusername (dynamicusername is not a physical folder), redirect to dynamicusername.domain.com
Oct 26, 2009
info on user preferences when buying a VPS for running CentOS.
Feel free to PM me if you do not want your answers to be publicly displayed.
When you are buying a VPS to run CentOS:
1. Do you want to install the operating system on it or do you want it pre-installed with defaults?
2. Do you want the server to run Gnome desktop or is SSH access enough?
3. If you have it running a desktop, is accessing it using VNC over an SSH tunnel connection acceptable or do you need some other way to access the GUI?
Dec 11, 2007
My company is just getting into web hosting. We currently have 10-15 sites that we are hosting. What do you guys use to keep track of all the details for the site (location, company info, etc)? We're using a homegrown FileMaker database atm, but we don't want to continue using this when we get 50+ sites. It doesn't matter if it's web-based or a standalone program.
Jun 26, 2008
Summary on Issue I have with IX Hosting
I am disappointed in the option provided to me by IX webhosting to resolve my issue.
Summary:
1. My hosting and domain were handled by a previous staff member and charged to a CC belonging to that staff member.
2. The staff member was fired and he filed a chargeback with his CC on the hosting without me knowing it.
3. Account was then suspended and there isn't anything that I can do about it.
Options left for me:
1. Nothing that IX webhosting is able to do besides asking me to recontact my ex-staff to contact his bank, which is not possible (the case was closed by the bank according to my ex-staff when I was able to contact him).
2. Spending another 1 - 2 years rebuilding another website to bring in traffic, since the URL and hosting are frozen by IX webhosting.
3. Filing a complaint with a complaint board and pointing this problem out to the public, where an admin or account making payment for URL and hosting can screw up the company at any point while hosting with IX webhosting.
Jul 19, 2008
I have been fumbling around trying to set up a first site on a fresh install of Debian on a server... seems like helplessly for hours and hours, trying to figure out how this ftpd works with Debian.
There are only 2 files from what I see on the server:
ftpchroot and ftpusers - I finally found the manual 'man ftpd', this helped a little...
I found this in another thread, to maybe help with adding a user; it does not work in my setup...
adduser --home /home/username --shell /bin/false username (how do i remove this user that does not work?)
My server path to sites is this:
/home/www/html/websitename.com/html
What do I need to do to get ftp to actually work?
Apr 12, 2007
Well, they get permission denied to view the site. I have flushed the server firewall, but yet again several users don't get access to view the site...
Feb 16, 2009
I have a user who says he cannot get to any site on my server from either home or work. He has been a user for many years, and has never had any problems. He has also checked with his IT at work and they confirmed the site is not available. He is computer savvy, so I trust he is telling the truth.
His work and home are only 10 miles apart.
Do you guys have any ideas what could be happening? Is there a DNS entry wrong somewhere? He can't access the site even when putting in the IP address.
There is one other user reporting something similar but other than that no other complaints. The site works fine for everyone else.
site is gm-trucks.com
Aug 13, 2008
Who knows a VPS provider (located anywhere) accepting e-gold for payments?
May 16, 2008
With my sshd installation, I have password authentication disabled, and only accept key-based auth. What I want to do is make sshd lie about its accepted authentication methods, or even make up a few to confuse anyone who's trying to connect. For example,
[root@vps2 ~]# ssh hah.cx
Permission denied (publickey).
I'd like to make it show something like,
[root@vps2 ~]# ssh hah.cx
Permission denied
Jul 4, 2014
I have Plesk 11.5.30 Update #47, CentOS 6.5 x64, MTA Qmail 1.03.
Today I encountered a strange thing: a disabled mailbox was accepting mail but not bouncing it.
In the panel the "user@tld.com" mailbox is disabled; if an email is sent to that address, Qmail accepts it:
Jul 4 17:51:35 mx3 qmail-queue-handlers[27432]: Handlers Filter before-queue for qmail started ...
Jul 4 17:51:36 mx3 qmail-queue-handlers[27432]: from=root@mx3
Jul 4 17:51:36 mx3 qmail-queue-handlers[27432]: to=user@tld.com
Jul 4 17:51:36 mx3 qmail-queue-handlers[27432]: handlers_stderr: SKIP
No mail is bounced, nothing, the message is not in the mailbox.
Tested in several accounts, the result is the same, even in a newly created account.
Dec 3, 2007
One of my clients has 2 accounts:
- foo.com, with a mail account info@foo.com.
- bar.com, with domain forwarding to foo.com.
Sending an email message to info@foo.com works.
Sending an email message to info@bar.com doesn't work. When using the ZoneEdit SMTP test utility I get the following error message:
Code:
> RCPT TO:<info@bar.com>
< 550 5.1.1 User unknown: info@bar.com
I checked "/etc/vdomainaliases/bar.com" and "/etc/localdomains", they are configured properly.
Any suggestions?
Jan 21, 2008
I've been researching this but can't seem to find a decent solution.
Basically trying to limit the CPU usage of a single domain, or limit accesses per hour if that's possible?
I tried adding an entry in /etc/security/limits.conf which restricts numproc to 2 and then down to 1, but it doesn't seem to make any impact on the load. Load of the server drops from about 1.5-2 down to 0.02 when this single site is suspended, and I can't have it run wild.
Ideally would like a message that says something along the lines of server is too busy... trying again in 5 seconds or something along those lines?
Jun 30, 2009
I need to create a subfolder under my domain name, and assign an ftp user to that folder. I want the user to only have access to that folder, is it possible? can you guys orient me, because I have no idea where to start, my hosting service provider is telling me I can only have one ftp account per domain, maybe I didn't explain correctly to my hosting provider.
Jun 17, 2008
Currently I have 1 user's hosting crashed in my cPanel server.
I fail to restore and terminate or recreate his account in WHM.
May I know what the steps are to remove and clean the hosting account in SSH?
I used /script/killacct but it failed. So I need to manually delete the user, hosting account and his MySQL database in SSH mode.
Apr 20, 2014
Can't get it working, I want to set up a cron job for a domain user, but seems that there's a problem to find the php executable. The command is:
Code:
/usr/bin/php/ -f /var/www/vhosts/thedomain.com/httpdocs/test.php
But the report says
-: /usr/bin/php/: No such file or directory
Aug 19, 2014
I have a problem with one domain. The domain is the "main-domain" of the customer but it is not shown in the overview /smb/web/view
Not with the user logged in and not with the admin logged in.
But I can change settings when I call the detail page manually: /smb/web/overview/id/d:26
I tried to lock/unlock the domain/account, but nothing worked.
I could not see any mistakes in the database.
Deleting and adding the domain would be a trick, but because of having many domains/subdomains and dns-entries this is not my first choice.
Oct 26, 2008
I want to buy a domain from Godaddy.com and host on a free webhost, that works really great. But I don't wanna get this problem when you visit the forum ->>> mydomain.com, I want it like this ->>> mydomain.com/forum/ and forum/index.php and all that stuff, so you can visit a thread directly.
But in my experiences before, I just got the mydomain.com, even if I visited the forum or an another page. Should I put the DNS or what to get the godaddy domain to work fine with the free webhost?
Jan 14, 2007
I thought I may as well post this here having already contacted my host. Just thought you knowledgeable people may be able to give me some insight into this?
Well, I am creating a sub-domain, and I obviously have site stats with AWStats for my primary domain name. If I was to create a sub-domain, say example.sitename.com, would I still receive the site stats for the sub as well as the primary one?
Anyone had any experience on this?
as midphase are good but generally take ages to get back to me and their responses are rather general,
Mar 11, 2009
I'm working on a young site that will be changing its focus and its domain name to reflect the new focus. What is the correct way to change the domain name? In the past, I've simply created a new site in WHM/cPanel under the new domain name and copied the old site (and database) over, which was a great deal of work. Is there another way to do it that is less time consuming - without having to copy files? Are you not able to just change the domain name setting in WHM without having to copy the entire site over to a new directory on the server?
Jun 10, 2008
I have a web server running Server 2003 and IIS6. I can access everything fine via IP. Now I want to have a domain name work with it.
The server is in a .local domain environment. Does anyone have any info on how I should setup DNS for the web server if the domain itself is not getting any DNS info from the outside?
Is it just a matter of adding new A and NS records or do I need to be in a FQDN domain for it to work?
Jan 17, 2007
Is there a way that I could redirect total urls? By that I mean when someone goes to www.domain.com/whatever/file.php?id=345 they get redirected to www.anotherdomain.com/whatever/file.php?id=345
I'm running Apache 1.3.
Mar 7, 2009
I'm new to using directadmin and I've got a problem; I've not yet switched the DNS over to the directadmin server 'cause I want to make sure the sites work first, however I can't find how to view the sites. With cpanel you can go to http://192.168.1.1/~username (where 192.168.1.1 = IP of server and username is username of account).
is this possible with directadmin? I can't find anything about it, anywhere.
Oct 21, 2007
I have what I think is kind of a unique situation with a site move and Google is not turning up an answer that seems to work.
My site is currently in this format:
www.mydomain.com/site/file.html
And I am "moving" it but also switching from html to php, so the same file would be found at:
site.mydomain.com/file.php
I want to redirect users going to the old pages to their equivalent on the new site, however this is a little bit of a problem because this is a normal subdomain - it is the same directory as before but now there are php versions of the html files.
Right now I have all of the http files redirecting to their php equivalents, but I don't believe this is a desirable solution. Also it creates a problem when people go to www.mydomain.com/site (not indicating a specific file; just the subdir root) because I have www.mydomain.com/site/index.html redirecting to www.mydomain.com/site/index.php.
Quite a mess.
My first option is to put the redirects in the htaccess file on the "old" site. But is this a problem because there are over 500 pages on the site? Does it create a heavy server load because any requests force the server to serve a huge htaccess file?
The next alternative seems the most preferable although I'm not sure how to do it. It seems it could use wildcards so that anyone going to *.html gets directed to *.php or something like that. The only problem is that there are a small number of files that were removed completely and do not have php equivalents (about 5 or 6) and would need to redirect to the index.php in the root